Veracode's supply chain security testing program

Wednesday, September 19, 2012

Veracode has announced a new solution for enterprises and their software vendors to protect against security breaches and data theft arising from vulnerabilities in vendor-supplied software, and throughout the software supply chain.
The company provides cloud-based application security testing and has launched a new Vendor Application Security Testing (VAST) program, which will provide an independent, automated, and fully outsourced risk assessment of supply chain software.
The VAST program allows enterprises and software vendors to collaborate on testing software against security and compliance requirements before the software is deployed. Veracode says the testing will provide security information to potential clients without compromising a vendor's intellectual property, since the vendor's source code is not handed to the customer.
Bob Brennan, chief executive officer of Veracode, said the vast majority of enterprise software in the supply chain is not designed or built with security in mind. His company's goal is to let vendors find and fix the holes that such software leaves in the supply chain before an attack or outage exposes the flaws.
“Application security testing of third party providers should be a critical element of any information security initiative,” said Joseph Feiman, research vice president at Gartner. “Enterprises need to start putting pressure on their providers to request independent security verification of vendor-supplied software to fully guarantee software supply chain integrity.”
According to the 2012 PricewaterhouseCoopers Security Report, up to 80 percent of third party software fails basic security compliance tests. Many companies, both the IT suppliers and their customers, cannot afford the time, resources, or expense to do a full security sweep and run-through, which means those relying on such software in outsourced, SaaS, and cloud-based environments may be putting themselves at risk. - Geoff Whiting